How medical practices – large and small – can provide continuous and effective care, even in the face of rising cyber threats to EHRs

As the world around us becomes increasingly digitally integrated, the amount of data created each day also grows. Recent projections claim that global data volume is set to increase rapidly, reaching an astronomical 180 zettabytes by 2025. For perspective, 1 billion terabytes is approximately equal to 1 zettabyte. Adding to that, it is estimated that about 30% of the world’s data volume is generated by the health care sector. Understandably, navigating this steep growth presents many opportunities for those with sophisticated (and often criminal) intentions to create havoc through ransomware and other means of service interruptions. The risks will only continue to rise with no end to data growth in sight.

Recognizing risks, creating solutions

Digitizing information has proven to create a more swift and efficient way of providing care, as electronic data permits doctors to quickly access a patient’s diagnoses, treatment plans, medications, test results, and medical history. But with reward can come great risk. Electronic health record (EHR) downtimes are any period where the computer systems are unavailable, and a survey conducted by Trend Micros Incorporated found that 86% of global healthcare organizations’ operations have suffered operational outages as a direct ransomware attack on their organizations. These outages can cost more than $8,000 each minute, halting productivity and leaving providers scrambling while patient data is exposed to parties seeking profit. At the current rate, health leaders expect the damage from cyberattacks could cost as much as $10.5 trillion annually.

During unexpected downtime, health care workers are often forced to use unsecured communication methods, such as text messaging, fax, and email, to communicate patient information. The methods leave patient data vulnerable to being accessed by unauthorized individuals. To ensure the most vital communications and patient workflows are not affected by unexpected downtime due to ransomware attacks, medical practices of all sizes are integrating HIPPA-compliant, secure and encrypted solutions.

However, even when a standard EHR chat tool comes with “secure” messaging, it can still be inadequate when it comes to its capability to integrate all providers, facilities, and departments. There is often a redundancy of communications outside the EHR, as figuring out where to send patients may result in “phone tag” between hospital personnel and delays in placing the patient in a room. Additionally, multiple people may need the same patient information, meaning more phone calls and vulnerability during a cyberattack.

Providing a reliably safe and secure environment

Health care organizations seeking to protect their patients’ sensitive information should consider integrating a HIPPA-compliant, secure, and encrypted clinical communication and collaboration (CC&C) platform that functions outside of EHR. Such solutions ensure that patient information remains safe and uncompromised even if the device on which records are accessed is lost, stolen, or hacked. Furthermore, with this type of communication platform, there are options for automatic message deletion after a certain period or remote wiping of devices to guarantee that no sensitive patient data is inadvertently put at risk. Overall, it is clear that organizations can take advantage of these solutions to provide comprehensive security for their patient information.

With a CC&C platform, patient care can be provided more effectively and efficiently by supporting communication between everyone, from primary care physicians and surgeons to specialists and even administrative teams, so that they may truly engage and take a team approach to provide holistic care. It allows all parties to communicate and leverage their specific experiences to build collaborative care plans successfully and securely in one place. This supports providers with the means to keep the most important electronic information safe while improving patient outcomes with the ability to make quick decisions, effectively communicate and streamline treatment and planning.

Protecting the most important data as it grows

EHRs will experience unplanned downtime – it’s inevitable. Unfortunately, as the data universe grows exponentially when providers rely only upon this platform, it puts their patient’s data in a vulnerable position. Hackers lurking in the background are ready at any moment to pounce on a vulnerability because they know the value of patient data that’s held hostage in an attack or what that data is worth when sold on the open market. This is only becoming more common and problematic. Even with modern advancements, only using an EHR by itself limits a provider’s functionality and how well they can serve their patients. It’s important to remember that the primary purpose of an EHR was to keep records and handle billing – not to be a means for efficient communication across the care continuum.

Healthcare organizations must recognize the importance of investing in secure CC&C platforms that are integrated with EHRs. Such integration provides the added benefit of eliminating manual paperwork, storing data securely in case of an outage, and reducing costs and risk for all involved. By leveraging advanced security strategies, health care practitioners can rest assured that their patients’ data always remains secure and accessible, thus guaranteeing high-quality care is consistently provided. Organizations should look for solutions that are not only robust but also easy to use to ensure that information is quickly and accurately shared between providers, allowing them to focus on providing quality patient care. With the right solution and careful implementation, organizations can take the necessary steps toward creating a digital ecosystem that keeps patient data safe while improving communication amongst care teams.

Will O’Connor, M.D., is the chief medical information officer at TigerConnect. He’s an industry-known physician executive with more than 20 years of health care experience focused on operations, strategic planning, consulting, client delivery, and thought leadership across the health care industry. As an orthopedic surgeon, Dr. O’Connor has significant provider experience as well as deep commercial experience, having worked for multiple companies, including McKesson, Allscripts/Eclipsys, and PriceWaterhouseCoopers. He specializes in assisting large health systems, academic medical centers, community hospitals, and payers leverage health care information technology and operational improvements to advance their clinical and financial outcomes. Additional experience includes EHR and HIE implementations, clinical communication and collaboration, clinician adoption, analytics, clinical decision support, provider operational analysis, and clinical process redesign.